<?php 
	//Connect to database
	// NOTE(review): these credentials are hard-coded in a web-served script, so
	// anyone who can read the source (repository, backup, misconfigured server)
	// can reach the database. Load them from a config file outside the document
	// root or from environment variables, and rotate the password because it
	// has already been exposed in source.
	$mysql_host = "mysql.hostinger.ru";
	$mysql_database = "u168361203_cchat";
	$mysql_user = "u168361203_admin";
	$mysql_password = "sonmi860302"; 

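	/*
	 * Chat backend endpoint. Dispatches on the `action` request parameter:
	 *   sendmsg, checkmsg, checkmsgstatus, updatemsgstatus,
	 *   getuserinfo, updateuserinfo, updateuserstatus, checkonlinestatus, adduser
	 * and answers with a short plain-text reply ('1', '0', '-ERR-', or
	 * '|'-separated column values).
	 *
	 * Security notes:
	 * - Every request value is escaped with mysql_real_escape_string() before
	 *   it is placed inside a quoted SQL literal. The original substituted raw
	 *   request values into the statement text, which allowed SQL injection,
	 *   and its chained str_replace() calls let one parameter's value be
	 *   rewritten by a later placeholder substitution.
	 * - Escaping depends on the connection character set; if a non-default
	 *   charset is needed, set it with mysql_set_charset() rather than a
	 *   "SET NAMES" query.
	 * - ext/mysql was removed in PHP 7.0. The durable fix is to move to
	 *   mysqli or PDO prepared statements.
	 * - Query failures are written to the server error log instead of being
	 *   sent to the client, so schema details are not disclosed.
	 * - NOTE(review): no authentication or authorization check is visible in
	 *   this file; every action trusts the caller-supplied ids and usernames.
	 *   Confirm whether something in front of this script enforces access.
	 * - NOTE(review): `adduser` stores the password exactly as received. Hash
	 *   it with password_hash() once the code that verifies logins (not in
	 *   this file) is switched to password_verify().
	 * - Column values are echoed verbatim with '|' separators, so a stored
	 *   value containing '|' or '}' breaks the framing; clients must not
	 *   render the reply as HTML.
	 */

	/**
	 * Reads request parameter $name and returns it escaped for use inside a
	 * single-quoted SQL string literal.
	 *
	 * Missing keys and non-scalar values (e.g. `name[]=x`) become ''.
	 */
	function cchat_sql_param($name, $db_handle)
	{
		$raw = '';
		if (isset($_REQUEST[$name]) && is_scalar($_REQUEST[$name])) {
			$raw = (string) $_REQUEST[$name];
		}
		return mysql_real_escape_string($raw, $db_handle);
	}

	/**
	 * Runs $sql on $db_handle. On failure the MySQL error goes to the server
	 * log only and false is returned.
	 */
	function cchat_run_query($sql, $db_handle)
	{
		$result = mysql_query($sql, $db_handle);
		if ($result === false) {
			error_log('cchat: query failed: ' . mysql_error($db_handle));
		}
		return $result;
	}

	/**
	 * Prints the reply for an INSERT/UPDATE: '1' on success ('1|<id>' when
	 * $with_insert_id is true), '0' on failure.
	 */
	function cchat_print_write_result($result, $db_handle, $with_insert_id)
	{
		if (!$result) {
			print '0'; // failed
			return;
		}
		print '1'; // successful
		if ($with_insert_id) {
			print '|' . mysql_insert_id($db_handle);
		}
	}

	/**
	 * Prints the reply for a SELECT: '-ERR-' when the query failed,
	 * $empty_marker when it matched nothing, otherwise one
	 * $prefix . col|col|... . $suffix group per row, in $columns order.
	 */
	function cchat_print_rows($result, $columns, $empty_marker, $prefix, $suffix)
	{
		if ($result === false) {
			print '-ERR-';
			return;
		}
		if (mysql_num_rows($result) == 0) {
			print $empty_marker;
			return;
		}
		while ($row = mysql_fetch_assoc($result)) {
			$values = array();
			foreach ($columns as $column) {
				$values[] = $row[$column];
			}
			print $prefix . implode('|', $values) . $suffix;
		}
	}

	// Open the connection, then select the configured schema. Skipping the
	// select when the connection failed avoids a warning in the reply.
	$db_handle = mysql_connect($mysql_host, $mysql_user, $mysql_password);
	$db_found = $db_handle ? mysql_select_db($mysql_database, $db_handle) : false;

	if ($db_found) {
		$action = '';
		if (isset($_REQUEST['action']) && is_scalar($_REQUEST['action'])) {
			$action = (string) $_REQUEST['action'];
		}
		if ($action == '') {
			print ('-ERR-'); // incorrect query
			exit();
		}

		switch ($action) {
			case 'sendmsg':
				$sql = sprintf(
					"INSERT INTO `messages` (`fromid`, `toid`, `message`, `sentTime`, `status`, `location`)"
					. " VALUES ('%s', '%s', '%s', '%s', '%s', '%s');",
					cchat_sql_param('fromid', $db_handle),
					cchat_sql_param('toid', $db_handle),
					cchat_sql_param('message', $db_handle),
					cchat_sql_param('sentTime', $db_handle),
					cchat_sql_param('status', $db_handle),
					cchat_sql_param('location', $db_handle)
				);
				cchat_print_write_result(cchat_run_query($sql, $db_handle), $db_handle, true);
				break;

			case 'checkmsg':
				$status = cchat_sql_param('status', $db_handle);
				if ($status == '') {
					$status = '0'; // default status filter when none is supplied
				}
				$sql = sprintf(
					"SELECT `id`, `fromid`, `message`, `sentTime`, `status`, `location`"
					. " FROM `messages` WHERE `toid`='%s' and `status`='%s';",
					cchat_sql_param('toid', $db_handle),
					$status
				);
				cchat_print_rows(
					cchat_run_query($sql, $db_handle),
					array('id', 'fromid', 'message', 'sentTime', 'status', 'location'),
					'{}',
					'{',
					'}'
				);
				break;

			case 'checkmsgstatus':
				$sql = sprintf(
					"SELECT `status`, `statusTime`, `location` FROM `messages` WHERE `id`='%s';",
					cchat_sql_param('mid', $db_handle)
				);
				// The original read the misspelled key 'statusime', so the
				// statusTime field of the reply was always empty.
				cchat_print_rows(
					cchat_run_query($sql, $db_handle),
					array('status', 'statusTime', 'location'),
					'INVALID_MID',
					'',
					''
				);
				break;

			case 'updatemsgstatus':
				$sql = sprintf(
					"UPDATE `messages` SET `status`='%s', `statusTime`='%s' WHERE `id`='%s';",
					cchat_sql_param('status', $db_handle),
					cchat_sql_param('statusTime', $db_handle),
					cchat_sql_param('mid', $db_handle)
				);
				cchat_print_write_result(cchat_run_query($sql, $db_handle), $db_handle, false);
				break;

			case 'getuserinfo':
				$sql = sprintf(
					"SELECT `email`, `dob`, `avatar`, `status`, `lastOnlineTime`, `lastLocation`"
					. " FROM `users` WHERE `username`='%s';",
					cchat_sql_param('username', $db_handle)
				);
				cchat_print_rows(
					cchat_run_query($sql, $db_handle),
					array('email', 'dob', 'avatar', 'status', 'lastOnlineTime', 'lastLocation'),
					'INVALID_USERID',
					'',
					''
				);
				break;

			case 'updateuserinfo':
				$sql = sprintf(
					"UPDATE `users` SET `dob`='%s', `avatar`='%s' WHERE `username`='%s';",
					cchat_sql_param('dob', $db_handle),
					cchat_sql_param('avatar', $db_handle),
					cchat_sql_param('username', $db_handle)
				);
				cchat_print_write_result(cchat_run_query($sql, $db_handle), $db_handle, false);
				break;

			case 'updateuserstatus':
				$sql = sprintf(
					"UPDATE `users` SET `status`='%s', `lastOnlineTime`='%s', `lastLocation`='%s'"
					. " WHERE `username`='%s';",
					cchat_sql_param('status', $db_handle),
					cchat_sql_param('lastOnlineTime', $db_handle),
					cchat_sql_param('lastLocation', $db_handle),
					cchat_sql_param('username', $db_handle)
				);
				cchat_print_write_result(cchat_run_query($sql, $db_handle), $db_handle, false);
				break;

			case 'checkonlinestatus':
				$sql = sprintf(
					"SELECT `status`, `lastOnlineTime`, `lastLocation` FROM `users` WHERE username='%s';",
					cchat_sql_param('username', $db_handle)
				);
				cchat_print_rows(
					cchat_run_query($sql, $db_handle),
					array('status', 'lastOnlineTime', 'lastLocation'),
					'INVALID_USERID',
					'',
					''
				);
				break;

			case 'adduser':
				// NOTE(review): `password` is inserted as received (escaped,
				// not hashed); see the header note about password_hash().
				$sql = sprintf(
					"INSERT INTO `users`(`username`, `password`, `email`, `dob`, `avatar`, `status`,"
					. " `lastOnlineTime`, `lastLocation`)"
					. " VALUES('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s');",
					cchat_sql_param('username', $db_handle),
					cchat_sql_param('password', $db_handle),
					cchat_sql_param('email', $db_handle),
					cchat_sql_param('dob', $db_handle),
					cchat_sql_param('avatar', $db_handle),
					cchat_sql_param('status', $db_handle),
					cchat_sql_param('lastOnlineTime', $db_handle),
					cchat_sql_param('lastLocation', $db_handle)
				);
				cchat_print_write_result(cchat_run_query($sql, $db_handle), $db_handle, true);
				break;

			// Unknown actions produce an empty reply, as before.
		}
	}
	else {
		//no database found
		print ("e|-1");
	}

	//tiny: close connection when done
	if ($db_found) {
		mysql_close($db_handle);
	}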
?>